Ubuntu – Add Google 2FA for SSH

The Setup

Host: Ubuntu 18.04 “Bionic Beaver” release
Software: Google Chrome

Original article found on linuxbabe

A super handy and secure way to SSH into your Linux box at home. This uses the Android Google Authenticator app to scan a QR code generated right in the SSH window. You also get the added bonus of 6 one-time use codes.

To start, SSH into your Ubuntu computer as root.

$ sudo apt install libpam-google-authenticator

Then run the google-authenticator command to create a new secret key in your home directory.

$ google-authenticator

When asked:

Do you want Authentications to be time-based (y/n)

Answer Y!

The QR code should display in the SSH window. Ideally, you want to scan this into your Google Authenticator. Other sources point out that FreeOTP (developed by Red Hat) can serve the same purpose.

Once scanned into your mobile Google Authenticator, it should show as a new entry.

Configure the SSH daemon to use Google Authenticator

$ sudo nano /etc/ssh/sshd_config

Add in:

UsePAM yes
ChallengeResponseAuthentication yes

Save file

$ sudo systemctl restart ssh
$ sudo nano /etc/pam.d/sshd

Add the lines

@include common-auth
auth required pam_google_authenticator.so

Save the file!

Now any time you connect to this server over SSH, you'll receive the 2FA prompt.
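Before closing your current session, it is worth confirming that both edits actually took effect: sshd uses the first value it finds for each keyword, so a `ChallengeResponseAuthentication no` line earlier in the file overrides a `yes` added further down. The check below is an added example, not part of the original article; the function names are made up for illustration, and it assumes plain `Keyword value` lines with no `Match` blocks.

```shell
# Added example, not from the original article. Checks the two files edited
# above; pass copies as arguments, or use the defaults (the article's paths).
# Assumption: no Match blocks in sshd_config, "Keyword value" syntax only.

# Print the effective value of an sshd_config keyword. sshd uses the FIRST
# value it obtains for a keyword, so a later duplicate line has no effect.
sshd_value() {  # usage: sshd_value FILE KEYWORD
  awk -v key="$2" '
    /^[[:space:]]*#/ { next }                       # skip comment lines
    tolower($1) == tolower(key) { print tolower($2); exit }
  ' "$1"
}

# Succeed if an uncommented "auth required pam_google_authenticator.so" exists.
pam_has_totp() {  # usage: pam_has_totp FILE
  awk '
    /^[[:space:]]*#/ { next }
    tolower($1) == "auth" && tolower($2) == "required" &&
      $3 ~ /pam_google_authenticator\.so$/ { found = 1 }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# Report each setting and return non-zero if any of them is missing.
check_ssh_2fa() {  # usage: check_ssh_2fa [SSHD_CONFIG] [PAM_FILE]
  _cfg="${1:-/etc/ssh/sshd_config}"
  _pam="${2:-/etc/pam.d/sshd}"
  _rc=0
  for _key in UsePAM ChallengeResponseAuthentication; do
    _val="$(sshd_value "$_cfg" "$_key")"
    if [ "$_val" = "yes" ]; then
      echo "ok:   $_key yes"
    else
      echo "FAIL: $_key is '${_val:-unset}', expected yes"
      _rc=1
    fi
  done
  if pam_has_totp "$_pam"; then
    echo "ok:   pam_google_authenticator.so is required for auth"
  else
    echo "FAIL: no 'auth required pam_google_authenticator.so' in $_pam"
    _rc=1
  fi
  return "$_rc"
}
```

Source the file and run `check_ssh_2fa` with no arguments on the server; keep the existing SSH session open and test a login from a second terminal.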
